Add new vulnerabilities to database #17

Open
3 of 12 tasks
andresriancho opened this issue Mar 30, 2015 · 1 comment

Comments

@andresriancho
Contributor

Description

Using vulndb in w3af, I noticed that there are some missing vulnerabilities which need to be added to the database with low priority.

Vulnerability list

  • 'Buffer overflow vulnerability'
  • 'MX injection vulnerability'
  • 'Unsafe preg_replace usage'
  • 'ReDoS vulnerability'
  • Server side include vulnerability
  • Persistent server side include vulnerability
  • Basic HTTP credentials
  • Path disclosure vulnerability (maybe it's already in the DB?)
  • Malware identified
  • CSP vulnerability
  • Missing X-Content-Type-Options header
  • Guessable credentials

Task

For each vulnerability we need to create a new JSON file inside the db directory (that looks like this) and make sure it passes all the tests.

References

andresriancho changed the title from "Add new vulnerabilities to database (nice-to-have)" to "Add new vulnerabilities to database" on Jul 28, 2015
@andresriancho
Contributor Author

Thanks to the amazing job from @snoopythesecuritydog we now have three more vulnerabilities in the DB!

https://github.com/vulndb/data/pull/42/files

andresriancho added a commit to vulndb/python-sdk that referenced this issue Jul 31, 2015
andresriancho added a commit to vulndb/python-sdk that referenced this issue Jul 31, 2015
andresriancho added a commit to andresriancho/w3af that referenced this issue Jul 31, 2015